With this blog, I will teach you how to make an easy vulnerable box from 0
First Step
First, we need to decide to install any iso file image. We can install both debian and ubuntu. As you prefer. You can install this image in VirtualBox and boot your machine.
Second Step
The second step is installing the MobaXterm: It is a Windows application that allows you to manage network connections to remote servers through an easy-to-use UI. Once you have installed your machine on virtualbox, you will find yourself in a situation like this:
Click on session → SSH and add remote address. If you cannot find the static IP address of your VM you can find it with this command: `arp-scan -l`
If you don’t have arp-scan just install it. (-l flag stand for local network). You just arrived here? You’re going in a right way!
Now login in you mobaXterm with your credentials like:
Nice you are IN NOW FOR BUILD YOU FIRST BOX!
Installing
First at all you need to install apache2 or nginx (as you prefer) i’m going to install apache2. But first :) `apt-get update; apt-get upgrade -y`
Now you can install nginx. (For example)
After that go in `/var/www/html`
And choose your template for your website, as you want :) You can choose too much template here: https://github.com/learning-zone/website-templates.git. You can choose the template you want, and in /var/www/html you can pull you template. Example: git clone https://github.com/learning-zone/website-templates.git
Now choose your template and move it on /var/www/html and delete the folder with all templates.
Now you will have the website page in bestro-restaurant blabla and you can rename it as “website” folder for example.
Note: I just added a template, because i want that the people find vulnerabilities in my template. But you can choose an exploit for example on exploitDB and build your exploit with his website and his template :)
Now for example a want that the people find the bug in source code, so i can edit the index.html with a password inside “hidden” or encoded with base64 or hex. So the player can use this password for login to ssh. (Simple box and super easy but funny for start).
Once they are in. We need to create the privilege escalation! Now is more easy. For example we can use env from https://gtfobins.github.io/ . So install env with your terminal, and give to env super user permission. `chmod +s /usr/bin/env`
Now we have super user permission on env so they need to find env that run as super user and they can escalate to root.
TIPS: Play so much with create vulnerable box! You will able to create a very difficult box .
Important think!
When you finish the box and create the flag.txt with permission example `chown -R user:user /home/user/flag.txt`
And remove all the traces:
rm -rf /root/.cache || true
rm -rf /root/.viminfo || true
rm -rf /home/user/.sudo_as_admin_successful || true
rm -rf /home/user/.cache || true
rm -rf /home/user/.viminfo || true
ln -sf /dev/null /root/.bash_history
ln -sf /dev/null /home/user/.bash_history
cat /dev/null > /home/user/.bash_history && history -c && exit
cat /dev/null > /root/.bash_history && history -c && init 0
NOW export your VM
Go in:
File — -> export virtual application — -> next — ->next again — -> export and you will get the file.ova vulnerable :)
Thanks a lot for follow me on Twitter and Medium You are becoming very many.
Please support me and buy me a coffee :)
- 0xJin
